CA2497561A1 - Method and system of securely escrowing private keys in a public key infrastructure - Google Patents

Method and system of securely escrowing private keys in a public key infrastructure

Info

Publication number
CA2497561A1
CA2497561A1 CA002497561A CA2497561A CA2497561A1 CA 2497561 A1 CA2497561 A1 CA 2497561A1 CA 002497561 A CA002497561 A CA 002497561A CA 2497561 A CA2497561 A CA 2497561A CA 2497561 A1 CA2497561 A1 CA 2497561A1
Authority
CA
Canada
Prior art keywords
key
session
recovery
session key
mask
Legal status
Granted
Application number
CA002497561A
Other languages
French (fr)
Other versions
CA2497561C (en)
Inventor
Richard F. Andrews
Zhiyong Huang
Tom Qi Xiong Ruan
Current Assignee
Gen Digital Inc
Original Assignee
Individual

Classifications

    • H - ELECTRICITY
      • H04 - ELECTRIC COMMUNICATION TECHNIQUE
        • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/32 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
            • H04L9/08 - Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0894 - Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
            • H04L9/14 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
              • H04L9/16 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
          • H04L2209/00 - Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
            • H04L2209/04 - Masking or blinding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A method of restricting access to private keys in a public key infrastructure provides for storage of an encrypted private key at a primary site. A masked session key is stored at a secondary site, where the masked session key enables recovery of the private key. By using distributed storage architecture for recovery data, simplification can be achieved without sacrificing security.

Claims (58)

  What is claimed is:

  1. A method of restricting access to a private key wherein the private key is stored at a primary site, the method comprising:
    authenticating, at a secondary site, a key escrow requester based on a first administrator certificate;
    verifying that the authenticated key escrow requester is associated with a key escrow privilege;
    receiving a masked session key from the key escrow requester over a secure escrow connection;
    storing the masked session key to a memory located at the secondary site;
    authenticating, at the secondary site, a key recovery requester based on a second administrator certificate;
    verifying that the key recovery requester is associated with a key recovery privilege; and
    sending the masked session key to the key recovery requester over a secure recovery connection, the masked session key enabling recovery of the private key.
  2. The method of claim 1 further including authenticating a plurality of key escrow requesters based on a corresponding plurality of administrator certificates, authentication of all of the key escrow requesters being required before performing the associating.
  3. The method of claim 1 further including authenticating a plurality of key recovery requesters based on a corresponding plurality of administrator certificates, authentication of all of the key recovery requesters being required before performing the sending.
  4. A method of restricting access to private keys wherein a protected private key is stored at a primary site, the method comprising:
    storing a protected session value at a secondary site, the protected session value enabling recovery of the private key.
  5. The method of claim 4 further including:
    authenticating a key escrow requester based on an administrator certificate;
    verifying that the authenticated key escrow requester is associated with a key escrow privilege; and
    receiving the protected session value from the authenticated key escrow requester over a secure escrow connection.
  6. The method of claim 5 further including storing the protected session value to a memory located at the secondary site.
  7. The method of claim 5 wherein the authenticated key escrow requester is an administrator at the primary site.
  8. The method of claim 5 further including authenticating a plurality of key escrow requesters based on a corresponding plurality of authentication certificates, authentication of all of the key escrow requesters being required before the associating.
  9. The method of claim 4 further including:
    authenticating a key recovery requester based on an administrator certificate;
    retrieving the protected session value from a memory located at the secondary site; and
    sending the protected session value to the authenticated key recovery requester over a secure recovery connection.
  10. The method of claim 9 further including verifying that the authenticated key recovery requestor is associated with a key recovery privilege.
  11. The method of claim 9 wherein the authenticated key recovery requestor is an administrator at the primary site.
  12. The method of claim 9 further including authenticating a plurality of key recovery requestors based on a corresponding plurality of administrator certificates, authentication of all of the key recovery requestors being required before performing the sending.
  13. The method of claim 9 further including recording the sending in an audit trail.
  14. The method of claim 4 wherein the private key is protected by at least one of encrypting the private key with a session key and performing an exclusive-OR (XOR) operation between the private key and a session mask.
  15. The method of claim 4 wherein the session value is protected by at least one of performing an exclusive-OR (XOR) operation between the session value and a mask and encrypting the session value with a masking key.
  16. The method of claim 4 further including issuing an administrator certificate to an administrator at the primary site.
  17. A machine-readable storage medium including a stored set of key escrow instructions capable of being executed by a processor to:
    encrypt a private key of a key pair with a session key;
    store a first recovery datum and the encrypted private key at a primary site; and
    send a second recovery datum to a secondary site, the first recovery datum and the second recovery datum enabling recovery of the private key.
  18. The medium of claim 17 wherein the instructions are further capable of being executed by a processor to:
    generate a mask, the first recovery datum including the mask;
    perform an exclusive-OR (XOR) operation between the mask and the session key, the XOR operation resulting in a masked session key, the second recovery datum including the masked session key; and
    destroying the session key.
  19. The medium of claim 18 wherein the instructions are further capable of being executed by a processor to generate the mask based on a pseudo-random string generation algorithm.
  20. The medium of claim 18 wherein the mask and the session key have an identical bit length.
  21. The medium of claim 17 wherein the first recovery datum is a mask and the second recovery datum is a masked session key.
  22. The medium of claim 17 wherein the instructions are further capable of being executed by a processor to:
    generate the key pair; and
    generate the session key.
  23. The medium of claim 17 wherein the instructions are further capable of being executed by a processor to send the second recovery datum to the secondary site over a secure escrow connection.
  24. A machine-readable storage medium including a stored set of key recovery instructions capable of being executed by a processor to:
    retrieve a first recovery datum and an encrypted private key from a memory located at a primary site;
    receive a second recovery datum from a secondary site; and
    the decrypting the encrypted private key based on the first recovery datum and the second recovery datum.
  25. The medium of claim 24 wherein the instructions are further capable of being executed by a processor to:
    performing an exclusive-OR (XOR) operation between the first recovery datum and the second recovery datum, the XOR operation resulting in a session key;
    retrieving an encrypted private key from a memory located at the primary site; and
    decrypting the encrypted private key based on the session key.
  26. The medium of claim 25 wherein the first recovery datum includes a mask and the second recovery datum includes a masked session key.
  27. The medium of claim 24 wherein instructions are further capable of being executed by a processor to receive the second recovery datum from the secondary site over a secure recovery connection.
  28. The medium of claim 24 wherein the instructions are further capable of being executed by a processor to combine the decrypted private key with a corresponding key pair certificate into a file.
  29. A method for recovering a key, including:
    protecting a first key with a session value at a first site;
    performing an XOR operation on the session value and a nonce to obtain a masked session value at the first site;
    storing the nonce and the protected first key at the first site;
    deleting the session value from memory at the first site; and
    sending the masked session value to a second site.
  30. The method of claim 29 wherein the first key is protected by at least one of encrypting the first key with a session key and performing an XOR operation between the first key and a session mask.
  31. The method of claim 29, including:
    receiving a key recovery request;
    determining if the requester is authentic;
    determining if the requester is authorized to recover the key;
    if the requester is authentic and authorized to recover the key, then sending the masked session value to the first site;
    performing an XOR operation on the nonce and the masked session value at the first site to obtain the session value; and
    recovering the protected first key using the session value.
  32. A method for recovering a key, including:
    encrypting a key using a secret;
    transforming the secret into a first piece of data and a second piece of data;
    deleting the secret;
    separating the first piece of data from the second piece of data;
    reuniting the first and second pieces of data only when certain requirements are met;
    after reuniting the first and second pieces of data, transforming the first and second pieces of data into the secret; and
    decrypting the key using the secret.
  33. A method for escrowing a private key in a public key infrastructure, comprising:
    creating a key pair including a private key and a public key;
    creating a session key;
    encrypting the private key using the session key;
    creating a session key mask;
    storing the encrypted private key and the session key mask;
    creating a masked session key by exclusive-ORing the session key and the session key mask;
    deleting the session key; and
    sending the masked session key and a digital certificate to a secondary site.
  34. The method of claim 33, further comprising:
    sending a key recovery request, including the digital certificate, to the secondary site;
    receiving the masked session key from the secondary site;
    recreating the session key by exclusive-ORing the masked session key and the session key mask; and
    recovering the private key by decrypting the encrypted private key using the recreated session key.
  35. The method of claim 33, wherein the session key is a symmetric key.
  36. The method of claim 33, wherein said creating the session key includes using a triple-data encryption standard and an initialization vector.
  37. The method of claim 33, wherein the session mask is a random string having a bit-length equal to the session key.
  38. The method of claim 33, wherein the session mask is a pseudo-random string having a bit-length equal to the session key.
  39. The method of claim 34, wherein the key recovery request includes a plurality of digital certificates.
  40. The method of claim 34, further comprising:
    combining the decrypted private key with a corresponding key pair certificate.
  41. The method of claim 34, further comprising:
    creating an audit trail at the secondary site associated with the key recovery request.
  42. A computer readable medium including instructions adapted to be executed by a processor to perform a method for escrowing a private key in a public key infrastructure, the method comprising:
    creating a key pair including a private key and a public key;
    creating a session key;
    encrypting the private key using the session key;
    creating a session key mask;
    storing the encrypted private key and the session key mask;
    creating a masked session key by exclusive-ORing the session key and the session key mask;
    deleting the session key; and
    sending the masked session key and a digital certificate to a secondary site.
  43. The computer readable medium of claim 42, wherein the method further comprises:
    sending a key recovery request, including the digital certificate, to the secondary site;
    receiving the masked session key from the secondary site;
    recreating the session key by exclusive-ORing the masked session key and the session key mask; and
    recovering the private key by decrypting the encrypted private key using the recreated session key.
  44. The computer readable medium of claim 42, wherein the session key is a symmetric key.
  45. The computer readable medium of claim 42, wherein said creating the session key includes using a triple-data encryption standard and an initialization vector.
  46. The computer readable medium of claim 42, wherein the session mask is a random string having a bit-length equal to the session key.
  47. The computer readable medium of claim 42, wherein the session mask is a pseudo-random string having a bit-length equal to the session key.
  48. The computer readable medium of claim 43, wherein the key recovery request includes a plurality of digital certificates.
  49. The computer readable medium of claim 43, wherein the method further comprises:
    combining the decrypted private key with a corresponding key pair certificate.
  50. The computer readable medium of claim 43, wherein the method further comprises:
    creating an audit trail at the secondary site associated with the key recovery request.
  51. A system for escrowing a private key in a public key infrastructure, comprising:
    a secondary site, coupled to the network, including a secondary database and a control center; and
    a primary site, coupled to a network, including a primary database and a key management server, adapted to:
    create a key pair including a private key and a public key,
    create a session key,
    encrypt the private key using the session key,
    create a session key mask,
    store the encrypted private key and the session key mask in the primary database,
    create a masked session key by exclusive-ORing the session key and the session key mask,
    delete the session key, and
    send the masked session key and a digital certificate to the secondary site for storage within the secondary database.
  52. The system of claim 51, wherein the primary site is further adapted to:
    send a key recovery request, including the digital certificate, to the secondary site;
    receive the masked session key from the secondary site;
    recreate the session key by exclusive-ORing the masked session key and the session key mask; and
    recover the private key by decrypting the encrypted private key using the recreated session key.
  53. The system of claim 51, wherein the session key is a symmetric key.
  54. The system of claim 51, wherein said creating the session key includes using a triple-data encryption standard and an initialization vector.
  55. The system of claim 51, wherein the session mask is a random string having a bit-length equal to the session key.
  56. The system of claim 51, wherein the session mask is a pseudo-random string having a bit-length equal to the session key.
  57. The system of claim 52, wherein the key recovery request includes a plurality of digital certificates.
  58. The system of claim 52, wherein the primary site is further adapted to:
    combine the decrypted private key with a corresponding key pair certificate.
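
The escrow and recovery flow of claims 33 and 34, with the secondary-site privilege checks and audit trail of claims 1, 3 and 41, as an added example that is not code from the patent or its assignee; it combines several claims in one sketch. Assumptions: all class, method and certificate names are hypothetical, certificate authentication is reduced to a lookup of certificate identifiers, and a standard-library HMAC-SHA256 keystream with a MAC stands in for the triple-DES encryption the claims mention.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (assumption): the claims name triple-DES; to stay stdlib-only this
# uses an HMAC-SHA256 counter keystream plus a MAC. Use a vetted AEAD in practice.
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; mask and session key must have identical length."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have identical length")
    return bytes(x ^ y for x, y in zip(a, b))

def _subkeys(session_key: bytes):
    return (hmac.new(session_key, b"enc", hashlib.sha256).digest(),
            hmac.new(session_key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(session_key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    ct = xor_bytes(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(session_key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(session_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("recreated session key does not open the stored blob")
    return xor_bytes(ct, _keystream(enc_key, nonce, len(ct)))

class SecondarySite:
    """Holds only masked session keys; releases them to privileged requesters."""
    def __init__(self, privileges):
        self.privileges = privileges   # certificate id -> set of privileges
        self.store = {}                # key id -> masked session key
        self.audit = []                # (key id, certificate ids, outcome)

    def _require(self, cert_ids, privilege):
        # Every presented certificate must carry the privilege (claims 2 and 3).
        if not cert_ids or not all(privilege in self.privileges.get(c, ())
                                   for c in cert_ids):
            raise PermissionError(f"{privilege} privilege missing")

    def escrow(self, cert_ids, key_id, masked_session_key):
        self._require(cert_ids, "escrow")
        self.store[key_id] = masked_session_key

    def recover(self, cert_ids, key_id):
        try:
            self._require(cert_ids, "recover")
        except PermissionError:
            self.audit.append((key_id, tuple(cert_ids), "denied"))
            raise
        self.audit.append((key_id, tuple(cert_ids), "released"))
        return self.store[key_id]

class PrimarySite:
    """Holds the encrypted private key and the mask, never the session key."""
    def __init__(self):
        self.db = {}                   # key id -> (encrypted private key, mask)

    def escrow(self, key_id, private_key, secondary, cert_ids):
        session_key = secrets.token_bytes(32)
        mask = secrets.token_bytes(len(session_key))   # same bit length as the key
        self.db[key_id] = (seal(session_key, private_key), mask)
        masked = xor_bytes(session_key, mask)
        del session_key   # drops the reference; Python cannot guarantee zeroization
        secondary.escrow(cert_ids, key_id, masked)

    def recover(self, key_id, secondary, cert_ids):
        blob, mask = self.db[key_id]
        masked = secondary.recover(cert_ids, key_id)
        return unseal(xor_bytes(masked, mask), blob)

if __name__ == "__main__":
    # Constructed sample data: certificate ids and key bytes are made up.
    site2 = SecondarySite({"cert-admin-a": {"escrow", "recover"}})
    site1 = PrimarySite()
    site1.escrow("user-1", b"constructed private key bytes", site2, ["cert-admin-a"])
    print(site1.recover("user-1", site2, ["cert-admin-a"]))
    print(site2.audit)
```

Neither database alone yields the session key: the primary site stores only the mask and ciphertext, the secondary site only the masked key, and the MAC makes a substituted or corrupted masked key fail closed at recovery.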
CA2497561A 2002-09-03 2003-09-02 Method and system of securely escrowing private keys in a public key infrastructure Expired - Lifetime CA2497561C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10/232,624 2002-09-03
US10/232,624 US6931133B2 (en) 2002-09-03 2002-09-03 Method and system of securely escrowing private keys in a public key infrastructure
PCT/US2003/027342 WO2004023713A1 (en) 2002-09-03 2003-09-02 Method and system of securely escrowing private keys in a public key infrastructure

Publications (2)

Publication Number Publication Date
CA2497561A1 (en) 2004-03-18
CA2497561C (en) 2011-10-11

Family

ID=31977051

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2497561A Expired - Lifetime CA2497561C (en) 2002-09-03 2003-09-02 Method and system of securely escrowing private keys in a public key infrastructure

Country Status (14)

Country Link
US (1) US6931133B2 (en)
EP (1) EP1540876A4 (en)
JP (1) JP4680596B2 (en)
KR (1) KR20050027278A (en)
CN (1) CN1784850A (en)
AU (1) AU2003260138B2 (en)
BR (1) BR0313958A (en)
CA (1) CA2497561C (en)
IL (1) IL167140A (en)
MX (1) MXPA05002417A (en)
NO (1) NO20051666L (en)
NZ (1) NZ538959A (en)
WO (1) WO2004023713A1 (en)
ZA (1) ZA200501773B (en)

Also Published As

Publication number Publication date
BR0313958A (en) 2005-08-02
CA2497561C (en) 2011-10-11
AU2003260138B2 (en) 2008-09-25
IL167140A (en) 2011-01-31
EP1540876A4 (en) 2005-11-30
MXPA05002417A (en) 2005-06-22
ZA200501773B (en) 2005-09-06
WO2004023713B1 (en) 2004-06-10
EP1540876A1 (en) 2005-06-15
JP4680596B2 (en) 2011-05-11
WO2004023713A1 (en) 2004-03-18
NO20051666L (en) 2005-06-03
NZ538959A (en) 2006-11-30
CN1784850A (en) 2006-06-07
US6931133B2 (en) 2005-08-16
KR20050027278A (en) 2005-03-18
JP2005537763A (en) 2005-12-08
US20040042620A1 (en) 2004-03-04
AU2003260138A1 (en) 2004-03-29

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20230905